| |
SchemaViolationException: Missing Required Attribute Type |
|
|
Subject: SchemaViolationException: Missing Required Attribute Type
Author: eLDAP
In response to: Schema Checking Error Database: Why and How an LDAP Entry Went Wrong
Posted on: 08/10/2006 03:24:56 AM
++++++++++++++++++++++++++++++++++
+
+ Test Run #2: Missing Required Attribute Type (sn)
+
++++++++++++++++++++++++++++++++++
dn: cn=Joe Smith,cn=users,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgperson
cn: Joe Smith
givenname: Joe
mail: bsmith@mydomain.com
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
Why The entry's attribute type 'sn' is specified in the MUST list of object class 'person' and thereafter it is required. That's why SunOne forbid it being added. It seems that AD does not care about the MUST list.
>
> On 08/10/2006 03:09:16 AM eLDAP wrote:
I'm trying to list as much as possible wrong cases as to checking against schema in this thread. Any inputs are welcome and helpful for those who come across the same errors.
The servers used in this testing are Microsoft Active Directory Server and SunOne Directory Server. The client is a simple JNDI LDAP ADD application as shown below.
/**
* Sample JNDI client ADD application to demonstrate how to create a new entry
*/
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class JNDI_Add
{
public static void main(String[] args)
{
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://myserver.mydomain.com:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=directory manager");
env.put(Context.SECURITY_CREDENTIALS, "mypassword");
try {
// Create the initial context
DirContext ctx = new InitialDirContext(env);
// The distinguished name of the new entry
String dn = "cn=Joe Smith,cn=users,dc=mydomain,dc=com";
// Create attributes to be associated with the new entry
Attributes attrs = new BasicAttributes(true);
// Objectclass -- required in MUST list
Attribute oc = new BasicAttribute("objectclass"); // required by 'top'
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("inetOrgPerson");
attrs.put(oc);
// Other mandatory attributes -- required in MUST list
attrs.put("cn", "Joe Smith"); // required by 'person'
attrs.put("sn", "Smith"); // required by 'person'
// Optional attributes -- but they must be defined in schema
attrs.put("givenName","Joe");
attrs.put("mail","jsmith@mydomain.com");
attrs.put("employeeNumber","999-99-9999");
// Other optional attributes -- but they are defined in schema as alias
attrs.put("locality", "San Jose"); /*does not work for AD*/
// Create the context
Context result = ctx.createSubcontext(dn, attrs);
// Close the contexts when we're done
result.close();
ctx.close();
}catch(NamingException e){
e.printStackTrace();
}
}
}
++++++++++++++++++++++++++++++++++
+
+ Test Run #1: Undefined Attribute Type (ssn)
+
++++++++++++++++++++++++++++++++++
dn: cn=Joe Smith,cn=users,dc=mydomain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgperson
cn: Joe Smith
sn: Smith
givenname: Joe
mail: bsmith@mydomain.com
ssn: 999-99-9999
-- Results From AD --
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece]; remaining name 'cn=Joe Smith,cn=users,dc=mydomain,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
-- Results From SunOne --
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Object Class Violation]; remaining name 'cn=Joe Smith,cn=users,dc=mydomain,dc=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3019)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:777)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:236)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:176)
Why
The entry's attribute type 'ssn' is neither defined in the MUST list nor in the MAY list of its all object classes. That's why AD and SunOne both forbid it being added, even though the error code is different (error code 16 from AD whereas 65 from SunOne).
References:
|
|
|
|
